Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Rabindra_Khadka
Contributor

Is there any Checkpoint site where we can check/verify the IP reputation (like virustotal)

Hello Team,

 

I found that some IPs are not categorized as malicious by checkpoint firewall but my endpoint protection has detected it as malicious and block the connection. I checked the same IP in Virustotal and it shows malicious as well.

Now, I want to verify that IP belongs to the malicious IP in the checkpoint IP reputation database or not.

Is there any checkpoint site or apps to check if some IPs are malicious or not in the checkpoint IP reputation database? 

 

Need your help

Thank You,

0 Kudos
5 Replies
PhoneBoy
Admin
Admin

We don’t have a public site where you can query ThreatCloud.
I believe InfinitySOC offers a way to query it.

What Threat Prevention blades are active on your Gateways and what profile are you using?
What version/JHF level?

0 Kudos
Rabindra_Khadka
Contributor

Hi @PhoneBoy ,

We have an NGTX license on the security gateway and We are using a custom profile clone of the default strict TP profile.

The Gateway OS version is R80.30 and the currently installed JHF version is Take 227.

 

0 Kudos
PhoneBoy
Admin
Admin

NGTX license doesn't mean you have the necessary blades enabled 🙂
Note that IP reputation would generally blocked with Anti-Virus and/or Anti-Bot blades.

0 Kudos
Rabindra_Khadka
Contributor

@PhoneBoy 

We have installed and configured the IPS, Anti-Virus, Anti-Bot, Threat-Emulation, and Anti-Spam Blade in Checkpoint Firewall.

We have reviewed the configuration also. 

Is this InfinftySOC Checkpoint Cloud Product or Tools? Can anyone have permission access to use this? or do we need to buy this product?

0 Kudos
PhoneBoy
Admin
Admin

InfinitySOC is available in Infinity Portal as a separate offering.
I believe you can request a demo there, if not you can talk with your local Check Point office and they can set it up.

0 Kudos